Examples with Response org.opensaml.saml.saml2.ecp.Response used on opensource projects

Example 56 with Response

use of org.opensaml.saml.saml2.ecp.Response in project verify-hub by alphagov.

the class CountryAuthnResponseTranslatorService method toModel.

private InboundResponseFromCountry toModel(ValidatedResponse response, Optional<Assertion> validatedIdentityAssertionOptional, String matchingServiceEntityId) {
    Optional<PassthroughAssertion> passthroughAssertion = validatedIdentityAssertionOptional.map(validatedIdentityAssertion -> passthroughAssertionUnmarshaller.fromAssertion(validatedIdentityAssertion, true));
    Optional<LevelOfAssurance> levelOfAssurance = passthroughAssertion.flatMap(assertion -> assertion.getAuthnContext()).map(AuthnContext::name).filter(string -> !isNullOrEmpty(string)).map(LevelOfAssurance::valueOf);
    IdpIdaStatus status = statusUnmarshaller.fromSaml(response.getStatus());
    return new InboundResponseFromCountry(response.getIssuer().getValue(), validatedIdentityAssertionOptional.map(Assertion::getSubject).map(Subject::getNameID).map(NameID::getValue), Optional.ofNullable(status).map(IdpIdaStatus::getStatusCode).map(IdpIdaStatus.Status::name), status.getMessage(), passthroughAssertion.map(assertion -> assertionBlobEncrypter.encryptAssertionBlob(matchingServiceEntityId, assertion.getUnderlyingAssertionBlob())), levelOfAssurance);
}

Example 57 with Response

use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.

the class Saml2AttributeQueryProfileHandlerController method handlePostRequest.

/**
 * Handle post request.
 *
 * @param response the response
 * @param request  the request
 */
@PostMapping(path = SamlIdPConstants.ENDPOINT_SAML2_SOAP_ATTRIBUTE_QUERY)
protected void handlePostRequest(final HttpServletResponse response, final HttpServletRequest request) {
    final MessageContext ctx = decodeSoapRequest(request);
    final AttributeQuery query = (AttributeQuery) ctx.getMessage();
    try {
        final String issuer = query.getIssuer().getValue();
        final SamlRegisteredService service = verifySamlRegisteredService(issuer);
        final Optional<SamlRegisteredServiceServiceProviderMetadataFacade> adaptor = getSamlMetadataFacadeFor(service, query);
        if (!adaptor.isPresent()) {
            throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Cannot find metadata linked to " + issuer);
        }
        final SamlRegisteredServiceServiceProviderMetadataFacade facade = adaptor.get();
        verifyAuthenticationContextSignature(ctx, request, query, facade);
        final Map<String, Object> attrs = new LinkedHashMap<>();
        if (query.getAttributes().isEmpty()) {
            final String id = this.samlAttributeQueryTicketFactory.createTicketIdFor(query.getSubject().getNameID().getValue());
            final SamlAttributeQueryTicket ticket = this.ticketRegistry.getTicket(id, SamlAttributeQueryTicket.class);
            final Authentication authentication = ticket.getTicketGrantingTicket().getAuthentication();
            final Principal principal = authentication.getPrincipal();
            final Map<String, Object> authnAttrs = authentication.getAttributes();
            final Map<String, Object> principalAttrs = principal.getAttributes();
            query.getAttributes().forEach(a -> {
                if (authnAttrs.containsKey(a.getName())) {
                    attrs.put(a.getName(), authnAttrs.get(a.getName()));
                } else if (principalAttrs.containsKey(a.getName())) {
                    attrs.put(a.getName(), principalAttrs.get(a.getName()));
                }
            });
        }
        final Assertion casAssertion = buildCasAssertion(issuer, service, attrs);
        this.responseBuilder.build(query, request, response, casAssertion, service, facade, SAMLConstants.SAML2_SOAP11_BINDING_URI);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        request.setAttribute(SamlIdPConstants.REQUEST_ATTRIBUTE_ERROR, e.getMessage());
        samlFaultResponseBuilder.build(query, request, response, null, null, null, SAMLConstants.SAML2_SOAP11_BINDING_URI);
    }
}

Example 58 with Response

use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.

the class SSOSamlProfileCallbackHandlerController method validateRequestAndBuildCasAssertion.

private Assertion validateRequestAndBuildCasAssertion(final HttpServletResponse response, final HttpServletRequest request, final Pair<AuthnRequest, MessageContext> pair) throws Exception {
    final AuthnRequest authnRequest = pair.getKey();
    final String ticket = CommonUtils.safeGetParameter(request, CasProtocolConstants.PARAMETER_TICKET);
    this.ticketValidator.setRenew(authnRequest.isForceAuthn());
    final String serviceUrl = constructServiceUrl(request, response, pair);
    LOGGER.trace("Created service url for validation: [{}]", serviceUrl);
    final Assertion assertion = this.ticketValidator.validate(ticket, serviceUrl);
    logCasValidationAssertion(assertion);
    return assertion;
}

Example 59 with Response

use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.

the class AbstractSaml20ObjectBuilder method newAssertion.

/**
 * Create a new SAML1 response object.
 *
 * @param authnStatement the authn statement
 * @param issuer         the issuer
 * @param issuedAt       the issued at
 * @param id             the id
 * @return the assertion
 */
public Assertion newAssertion(final List<Statement> authnStatement, final String issuer, final ZonedDateTime issuedAt, final String id) {
    final Assertion assertion = newSamlObject(Assertion.class);
    assertion.setID(id);
    assertion.setIssueInstant(DateTimeUtils.dateTimeOf(issuedAt));
    assertion.setIssuer(newIssuer(issuer));
    assertion.getStatements().addAll(authnStatement);
    return assertion;
}

Example 60 with Response

use of org.opensaml.saml.saml2.ecp.Response in project cas by apereo.

the class SamlResponseAuditResourceResolver method getPrincipalIdFromSamlEcpResponse.

private String[] getPrincipalIdFromSamlEcpResponse(final Envelope envelope) {
    final List<XMLObject> objects = envelope.getBody().getUnknownXMLObjects();
    if (objects.isEmpty()) {
        return new String[] {};
    }
    final XMLObject object = objects.get(0);
    if (object instanceof Response) {
        return getPrincipalIdFromSamlResponse((Response) object);
    }
    if (object instanceof Fault) {
        return getPrincipalIdFromSamlEcpFault((Fault) object);
    }
    return new String[] {};
}